X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=fs%2Fcifs%2Fmisc.c;fp=fs%2Fcifs%2Fmisc.c;h=432ba15e2c2dc2b07b31ca26ffeca869f6a3b5c8;hb=64ba3f394c830ec48a1c31b53dcae312c56f1604;hp=22c937e5884f36baf85e49cb9f3c3fc014de4522;hpb=be1e6109ac94a859551f8e1774eb9a8469fe055c;p=linux-2.6.git diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c index 22c937e58..432ba15e2 100644 --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c @@ -72,9 +72,10 @@ sesInfoAlloc(void) struct cifsSesInfo *ret_buf; ret_buf = - (struct cifsSesInfo *) kzalloc(sizeof (struct cifsSesInfo), + (struct cifsSesInfo *) kmalloc(sizeof (struct cifsSesInfo), GFP_KERNEL); if (ret_buf) { + memset(ret_buf, 0, sizeof (struct cifsSesInfo)); write_lock(&GlobalSMBSeslock); atomic_inc(&sesInfoAllocCount); ret_buf->status = CifsNew; @@ -101,7 +102,6 @@ sesInfoFree(struct cifsSesInfo *buf_to_free) kfree(buf_to_free->serverDomain); kfree(buf_to_free->serverNOS); kfree(buf_to_free->password); - kfree(buf_to_free->domainName); kfree(buf_to_free); } @@ -110,9 +110,10 @@ tconInfoAlloc(void) { struct cifsTconInfo *ret_buf; ret_buf = - (struct cifsTconInfo *) kzalloc(sizeof (struct cifsTconInfo), + (struct cifsTconInfo *) kmalloc(sizeof (struct cifsTconInfo), GFP_KERNEL); if (ret_buf) { + memset(ret_buf, 0, sizeof (struct cifsTconInfo)); write_lock(&GlobalSMBSeslock); atomic_inc(&tconInfoAllocCount); list_add(&ret_buf->cifsConnectionList, @@ -422,7 +423,9 @@ checkSMB(struct smb_hdr *smb, __u16 mid, int length) { __u32 len = smb->smb_buf_length; __u32 clc_len; /* calculated length */ - cFYI(0, ("checkSMB Length: 0x%x, smb_buf_length: 0x%x", length, len)); + cFYI(0, + ("Entering checkSMB with Length: %x, smb_buf_length: %x", + length, len)); if (((unsigned int)length < 2 + sizeof (struct smb_hdr)) || (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4)) { if ((unsigned int)length < 2 + sizeof (struct smb_hdr)) { 
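Review bot: The allocation in sesInfoAlloc() open-codes a zeroing allocation as `kmalloc()` followed by a separate `memset()`, and the same pattern is added to tconInfoAlloc() in the third hunk. If `kzalloc()` is available in the tree this patch targets, `ret_buf = kzalloc(sizeof(*ret_buf), GFP_KERNEL);` keeps the zeroing tied to the allocation so a later edit cannot separate the two, and the cast on the `void *` result is unnecessary in C either way. The zeroing is load-bearing here, because sesInfoFree() in the second hunk calls kfree() on the struct's pointer members and so relies on never-assigned fields being NULL. Both function bodies continue outside their hunks.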
@@ -430,36 +433,29 @@ checkSMB(struct smb_hdr *smb, __u16 mid, int length) sizeof (struct smb_hdr) - 1) && (smb->Status.CifsError != 0)) { smb->WordCount = 0; - /* some error cases do not return wct and bcc */ - return 0; + return 0; /* some error cases do not return wct and bcc */ } else { cERROR(1, ("Length less than smb header size")); } + } if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) - cERROR(1, ("smb length greater than MaxBufSize, mid=%d", - smb->Mid)); + cERROR(1, + ("smb_buf_length greater than MaxBufSize")); + cERROR(1, + ("bad smb detected. Illegal length. mid=%d", + smb->Mid)); return 1; } if (checkSMBhdr(smb, mid)) return 1; clc_len = smbCalcSize_LE(smb); - - if(4 + len != (unsigned int)length) { - cERROR(1, ("Length read does not match RFC1001 length %d",len)); - return 1; - } - - if (4 + len != clc_len) { - /* check if bcc wrapped around for large read responses */ - if((len > 64 * 1024) && (len > clc_len)) { - /* check if lengths match mod 64K */ - if(((4 + len) & 0xFFFF) == (clc_len & 0xFFFF)) - return 0; /* bcc wrapped */ - } - cFYI(1, ("Calculated size %d vs length %d mismatch for mid %d", - clc_len, 4 + len, smb->Mid)); + if ((4 + len != clc_len) + || (4 + len != (unsigned int)length)) { + cERROR(1, ("Calculated size 0x%x vs actual length 0x%x", + clc_len, 4 + len)); + cERROR(1, ("bad smb size detected for Mid=%d", smb->Mid)); /* Windows XP can return a few bytes too much, presumably an illegal pad, at the end of byte range lock responses so we allow for that three byte pad, as long as actual @@ -473,11 +469,8 @@ checkSMB(struct smb_hdr *smb, __u16 mid, int length) wct and bcc to minimum size and drop the t2 parms and data */ if((4+len > clc_len) && (len <= clc_len + 512)) return 0; - else { - cERROR(1, ("RFC1001 size %d bigger than SMB for Mid=%d", - len, smb->Mid)); + else return 1; - } } return 0; } 
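Review bot: Folding the received-length test into the combined condition `(4 + len != clc_len) || (4 + len != (unsigned int)length)` lets a frame whose RFC1001 length disagrees with the bytes actually read fall through to the pad tolerance in the next hunk, where `(4+len > clc_len) && (len <= clc_len + 512)` returns 0. Assuming nothing in the lines between the two hunks re-checks `length`, checkSMB() then accepts a response whose declared size exceeds what was received whenever the calculated size is also smaller, and later parsing would trust that size. Keep the read-length comparison as an unconditional reject ahead of the calculated-size comparison, `if (4 + len != (unsigned int)length) return 1;`, so the tolerance only ever covers a `clc_len` mismatch. The two cERROR() calls added at the top of that block also fire for mismatches that are subsequently tolerated, so a peer can produce error-level log lines at will; cFYI() would suit that path better. checkSMB() starts before this hunk, so only the part of the length handling shown here was reviewed.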
@@ -500,12 +493,11 @@ is_valid_oplock_break(struct smb_hdr *buf, struct TCP_Server_Info *srv) if(pSMBr->ByteCount > sizeof(struct file_notify_information)) { data_offset = le32_to_cpu(pSMBr->DataOffset); - pnotify = (struct file_notify_information *) - ((char *)&pSMBr->hdr.Protocol + data_offset); - cFYI(1,("dnotify on %s Action: 0x%x",pnotify->FileName, + pnotify = (struct file_notify_information *)((char *)&pSMBr->hdr.Protocol + + data_offset); + cFYI(1,("dnotify on %s with action: 0x%x",pnotify->FileName, pnotify->Action)); /* BB removeme BB */ - /* cifs_dump_mem("Rcvd notify Data: ",buf, - sizeof(struct smb_hdr)+60); */ + /* cifs_dump_mem("Received notify Data is: ",buf,sizeof(struct smb_hdr)+60); */ return TRUE; } if(pSMBr->hdr.Status.CifsError) {
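Review bot: `data_offset` comes straight from the response (`le32_to_cpu(pSMBr->DataOffset)`) and is added to `&pSMBr->hdr.Protocol` with no bound, and the resulting `pnotify` is dereferenced immediately for the cFYI() print. The only guard visible in the hunk is the `ByteCount` comparison, which does not constrain the offset, so a server-chosen value can place the read outside the received buffer, and `%s` on `pnotify->FileName` keeps reading until it happens to find a NUL byte. Since the print is already tagged `/* BB removeme BB */`, the simplest fix is to drop the `pnotify` assignment and the cFYI() call; otherwise verify that `data_offset` plus `sizeof(struct file_notify_information)` fits within the received length before forming the pointer. is_valid_oplock_break() starts and ends outside this hunk, so a check elsewhere in the function cannot be ruled out.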